Tagged articles
2 articles
Dada Group Technology
Nov 28, 2022 · Information Security

Analyzing Java Template Engine Injection Vulnerabilities and Building Automated Detection Capabilities

This article examines injection vulnerabilities in the Java template engines Velocity, FreeMarker, and Thymeleaf, details payload extraction, demonstrates how to generate automated detection rules and build security operations capabilities, and discusses future directions for comprehensive attack‑chain analysis.

Freemarker, Java, Thymeleaf
Programmer DD
Jan 7, 2021 · Information Security

Explore Server‑Side Template Injection Labs: Tornado, Velocity & Freemarker

This article continues a series on server‑side template injection by presenting four hands‑on labs covering Tornado (Python), Velocity (Java), Freemarker (Java) and a Freemarker sandbox‑escape, detailing syntax basics, attack surfaces, exploit payloads, defensive measures, and step‑by‑step exercises.

Freemarker, payload, server-side